dealspace/portal/templates/auth/login.html

{{define "content"}}
  <div class="w-full max-w-md px-6">
    <!-- Logo -->
    <div class="text-center mb-10">
      <h1 class="text-3xl font-bold text-white tracking-tight">
        <span class="text-[#c9a84c]">Deal</span>space
      </h1>
      <p class="text-[#b0bec5] mt-2 text-sm">Secure M&A deal management</p>
    </div>

    <div class="bg-[#0d1f3c] border border-white/[0.08] rounded-xl p-8">
      <h2 class="text-xl font-semibold text-white mb-2">Sign in</h2>
      <p id="login-hint" class="text-[#b0bec5] text-sm mb-6">Enter your email to receive a login code.</p>

      <div id="error-email" class="hidden mb-4 p-3 bg-red-500/10 border border-red-500/20 rounded-lg text-red-400 text-sm"></div>
      <div id="error-code" class="hidden mb-4 p-3 bg-red-500/10 border border-red-500/20 rounded-lg text-red-400 text-sm"></div>

      <div class="space-y-5">
        <!-- Email -->
        <div>
          <label for="email" class="block text-sm font-medium text-[#b0bec5] mb-1.5">Email</label>
          <input type="email" id="email" name="email" required autocomplete="email" autofocus
            placeholder="you@company.com"
            class="w-full px-4 py-2.5 bg-[#0a1628] border border-white/[0.08] rounded-lg text-white placeholder-[#8899a6] focus:outline-none focus:border-[#c9a84c] focus:ring-1 focus:ring-[#c9a84c] transition">
        </div>

        <!-- Code (always visible) -->
        <div>
          <label for="code" class="block text-sm font-medium text-[#b0bec5] mb-1.5">Login code</label>
          <input type="text" id="code" name="code" autocomplete="one-time-code"
            maxlength="6" inputmode="numeric" pattern="[0-9]*"
            placeholder="000000"
            class="code-input w-full px-4 py-3 bg-[#0a1628] border border-white/[0.08] rounded-lg text-[#c9a84c] placeholder-[#8899a6] focus:outline-none focus:border-[#c9a84c] focus:ring-1 focus:ring-[#c9a84c] transition">
          <p id="code-status" class="text-[#8899a6] text-xs mt-1.5"></p>
        </div>

        <button type="button" id="emailBtn" onclick="sendCode()"
          class="w-full py-2.5 bg-[#c9a84c] hover:bg-[#b8973f] text-[#0a1628] font-semibold rounded-lg transition disabled:opacity-50">
          Send login code
        </button>
        <button type="button" id="codeBtn" onclick="verifyCode()" style="display:none"
          class="w-full py-2.5 bg-[#c9a84c] hover:bg-[#b8973f] text-[#0a1628] font-semibold rounded-lg transition disabled:opacity-50">
          Verify & sign in
        </button>

        <div id="resendRow" style="display:none" class="flex items-center justify-center">
          <button id="resendBtn" onclick="resendCode()" class="text-[#c9a84c] text-sm hover:text-[#b8973f] transition">
            Resend code
          </button>
        </div>
      </div>
    </div>

    <p class="text-center text-[#8899a6] text-xs mt-6">
      Don&rsquo;t have an account? Dealspace is invite-only.<br>
      <a href="/#demo" class="text-[#c9a84c] hover:underline">Request access on muskepo.com</a>
    </p>
    <p class="text-center text-[#8899a6] text-xs mt-3">&copy; 2026 Muskepo B.V. — Amsterdam</p>
  </div>
{{end}}

{{define "scripts"}}
  <script>
    // Parse ?next= redirect URL
    const params = new URLSearchParams(window.location.search);
    const nextURL = params.get('next') || '/app/projects';

    // If already logged in, redirect
    if (localStorage.getItem('ds_token')) {
      // Set cookie too (for server-side auth like OAuth consent)
      document.cookie = 'ds_token=' + localStorage.getItem('ds_token') + '; path=/; SameSite=Lax; max-age=3600';
      window.location.href = nextURL;
    }

    let currentEmail = '';
    let codeSent = false;

    // Enter on email field sends code, Enter on code field verifies
    document.getElementById('email').addEventListener('keydown', (e) => {
      if (e.key === 'Enter') { e.preventDefault(); sendCode(); }
    });
    document.getElementById('code').addEventListener('keydown', (e) => {
      if (e.key === 'Enter') { e.preventDefault(); verifyCode(); }
    });

    async function sendCode() {
      const btn = document.getElementById('emailBtn');
      const errorEl = document.getElementById('error-email');
      const statusEl = document.getElementById('code-status');
      currentEmail = document.getElementById('email').value.trim().toLowerCase();
      if (!currentEmail) return;

      btn.disabled = true;
      btn.textContent = 'Sending...';
      errorEl.classList.add('hidden');
      statusEl.textContent = 'Sending code...';

      try {
        const res = await fetch('/api/auth/challenge', {
          method: 'POST',
          headers: { 'Content-Type': 'application/json' },
          body: JSON.stringify({ email: currentEmail }),
        });
        const data = await res.json();
        if (!res.ok) throw new Error(data.error || 'Failed to send code');

        codeSent = true;
        statusEl.textContent = 'Code sent to ' + currentEmail;
        document.getElementById('emailBtn').style.display = 'none';
        document.getElementById('codeBtn').style.display = 'block';
        document.getElementById('resendRow').style.display = 'flex';
        document.getElementById('code').focus();
      } catch (err) {
        errorEl.textContent = err.message;
        errorEl.classList.remove('hidden');
        statusEl.textContent = '';
      } finally {
        btn.disabled = false;
        btn.textContent = 'Send login code';
      }
    }

    async function verifyCode() {
      const btn = document.getElementById('codeBtn');
      const errorEl = document.getElementById('error-code');
      const codeVal = document.getElementById('code').value.trim();
      if (!codeVal || !currentEmail) return;

      btn.disabled = true;
      btn.textContent = 'Verifying...';
      errorEl.classList.add('hidden');

      try {
        const res = await fetch('/api/auth/verify', {
          method: 'POST',
          headers: { 'Content-Type': 'application/json' },
          body: JSON.stringify({ email: currentEmail, code: codeVal }),
        });
        const data = await res.json();
        if (!res.ok) throw new Error(data.error || 'Invalid or expired code');

        localStorage.setItem('ds_token', data.token);
        localStorage.setItem('ds_user', JSON.stringify(data.user));
        document.cookie = 'ds_token=' + data.token + '; path=/; SameSite=Lax; max-age=3600';
        window.location.href = nextURL;
      } catch (err) {
        errorEl.textContent = err.message;
        errorEl.classList.remove('hidden');
        btn.disabled = false;
        btn.textContent = 'Verify & sign in';
      }
    }

    async function resendCode() {
      const btn = document.getElementById('resendBtn');
      const statusEl = document.getElementById('code-status');
      btn.disabled = true;
      btn.textContent = 'Sending...';
      try {
        await fetch('/api/auth/challenge', {
          method: 'POST',
          headers: { 'Content-Type': 'application/json' },
          body: JSON.stringify({ email: currentEmail }),
        });
        statusEl.textContent = 'New code sent to ' + currentEmail;
        btn.textContent = 'Code sent!';
        setTimeout(() => { btn.textContent = 'Resend code'; btn.disabled = false; }, 3000);
      } catch {
        btn.textContent = 'Resend code';
        btn.disabled = false;
      }
    }

    // Auto-submit when 6 digits entered
    document.getElementById('code').addEventListener('input', (e) => {
      e.target.value = e.target.value.replace(/\D/g, '').slice(0, 6);
      if (e.target.value.length === 6 && codeSent) verifyCode();
    });
  </script>
{{end}}